Skip to main content

Compliance Reports

Defend generates compliance reports that map your endpoint security posture to industry frameworks. Reports are generated on-demand or on a recurring schedule and exported as PDF for auditors.

Supported Frameworks

FrameworkWhat It Covers
SOC 2 Type IIDetection and response controls, audit logging, access management, incident handling
HIPAA Security RuleAudit controls, access monitoring, security incident procedures, device encryption
NIST CSFIdentify, Detect, Respond maturity scoring across subcategories
Cyber Insurance — CoalitionCoalition-specific questionnaire format with evidence mapping
Cyber Insurance — AtBayAtBay risk assessment format
Cyber Insurance — CorvusCorvus security questionnaire format

Report Contents

Each report includes:

  • Controls covered — Which framework controls Defend satisfies, with evidence from telemetry
  • Control gaps — Controls that require additional products or manual attestation
  • Detection metrics — Detection count, mean time to detect (MTTD), mean time to respond (MTTR)
  • Response metrics — Actions taken, approval times, verification results
  • Device coverage — Percentage of endpoints with active Defend enrollment
  • Telemetry health — Confirmation that telemetry is flowing from all enrolled devices
  • Remediation recommendations — Specific steps to close control gaps

Generating a Report

On-Demand

  1. Navigate to Compliance → Reports
  2. Click Generate Report
  3. Select the framework, reporting period (e.g., last quarter), and scope (all devices or specific groups)
  4. Click Generate — the report is built asynchronously
  5. Once complete, download the PDF from the reports list

Scheduled

  1. Navigate to Compliance → Settings
  2. Configure a schedule (monthly or quarterly)
  3. Select the frameworks to generate
  4. Reports are automatically generated and available for download on the configured cadence
ℹ️Report generation is asynchronous and may take several minutes depending on the reporting period and number of devices. You'll see a notification when the report is ready.

Exporting for Auditors

All reports are generated as PDF documents with:

  • Professional formatting suitable for external auditors
  • Framework-specific control numbering (e.g., SOC 2 CC6.1, HIPAA §164.312)
  • Evidence references linking back to specific telemetry queries
  • Report generation timestamp and data freshness indicator

Download reports from Compliance → Reports using the download button. Reports are stored in Azure Blob Storage with signed download URLs.

Continuous Compliance Monitoring

The compliance dashboard widget shows real-time status:

  • Green — All monitored controls are satisfied
  • Yellow — Some controls have degraded coverage (e.g., devices offline, telemetry gaps)
  • Red — Critical control gaps detected (e.g., no active detections for required techniques)

This gives you continuous visibility into your compliance posture between formal report generations.

Controls That Require Manual Attestation

Some framework controls cannot be verified through telemetry alone:

  • Physical security controls
  • Personnel background check requirements
  • Business continuity planning documentation
  • Vendor risk management processes

These are flagged in reports as requiring manual attestation with guidance on what evidence to provide.

Next Steps